10-12-2011 05:36 AM - edited 03-10-2019 06:28 PM
Hi,
I use an ACS 1120 appliance for Cisco device administration. The identity store is external. I use Active Directory.
Currently, authentication, authorization and accounting work well, but users cannot change their Active Directory password when it has expired.
Do you know how to configure ACS to permit password changing?
Thanks
Moïse YAMEOGO
10-12-2011 05:41 AM
This capability is available, I think, in ACS 5.1 and onwards. You would need to download the version from CCO and upgrade. Note that if you install 5.1, I would recommend installing the latest cumulative patch for ACS 5.1 as well: 5.1.0.44.6
Note that ACS product line is now up to ACS 5.3
10-12-2011 06:09 AM
Hi, Thanks for your response.
I think that this capability is also available in ACS 5.0. In the ACS user guide, it is noted that "Changing the password for EAP-FAST and PEAP with inner MSCHAPv2 is also supported."
I use TACACS+ as the AAA protocol. Maybe there is configuration to do in ACS or on the device?
Thanks
10-12-2011 06:36 AM
Right, the flow is there, but I think specifically support for change password on AD is only in 5.1.
You can check by going to
Users and Identity Stores > External Identity Stores > Active Directory
and seeing if it has the flag "Allow password change".
10-12-2011 07:40 AM
Yes, there is a flag for "allow password change", but it does not work.
Is there no other configuration to be done on the equipment or on the ACS?
Thanks
10-21-2011 06:39 AM
Sorry for going dark on you
I am pretty sure that you will find this working in ACS 5.1 and onwards but haven't yet managed to dig out any history/CDETS to confirm the change that was made in ACS 5.1
My recommendation remains to:
"install 5.1 I would recommend to install the latest cumulative patch for ACS 5.1 as well: 5.1.0.44.6"